# .github/workflows/deploy.yml (excerpt) - name: Backup production env before deploy run: | ssh production-server "cp .env.production .env.backup.production.pre-deploy-$(date +%s)" A backup is worthless if nobody knows how to restore it. Every team member with production access should memorize this simple recovery procedure. Conduct quarterly drills.
| Feature | .env.example | .env.backup.production | | :--- | :--- | :--- | | | No (uses DB_PASSWORD=changeme ) | Yes (contains actual database password) | | Can be committed to git | Yes (safe) | Never (unsafe unless encrypted) | | Restores a live system | No (requires manual entry of secrets) | Yes (one command restore) | | Backup rotation needed | No | Yes | .env.backup.production
export ENV_BACKUP_PATH="$APP_HOME/.env.backup.production" If .env.backup.production is your only backup, you have no safe environment to test the restoration process. | Feature |
But a team with a strict backup protocol does the following: .env.backup.production